Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/f8fd59-0115-4db3-bd85-18c70ebf681a/1/ySJySDEQgnkfN0Xrd6qsJXuUEgs.roa
File:                     ySJySDEQgnkfN0Xrd6qsJXuUEgs.roa (raw, json)
Hash identifier:          qoJTWIOFmHcUh3GJnbLOPaH12VuPEZ8/k4x69jhF9wY=
Subject key identifier:   C9:22:72:48:31:10:82:79:1F:37:45:EB:77:AA:AC:25:7B:94:12:0B
Certificate issuer:       /CN=a00cb4b8d569477512ce57885ba6a2898fbc2d95
Certificate serial:       021EFC30
Authority key identifier: A0:0C:B4:B8:D5:69:47:75:12:CE:57:88:5B:A6:A2:89:8F:BC:2D:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oAy0uNVpR3USzleIW6aiiY-8LZU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/f8fd59-0115-4db3-bd85-18c70ebf681a/1/ySJySDEQgnkfN0Xrd6qsJXuUEgs.roa
Signing time:             Sat 01 Jan 2022 14:55:20 +0000
ROA not before:           Sat 01 Jan 2022 14:55:20 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     197883
IP address blocks:        185.8.145.0/24 maxlen: 24
                          185.8.144.0/24 maxlen: 24
                          185.8.146.0/24 maxlen: 24
                          185.8.147.0/24 maxlen: 24
                          176.57.240.0/24 maxlen: 24
                          176.57.243.0/24 maxlen: 24
                          176.57.244.0/24 maxlen: 24
                          176.57.241.0/24 maxlen: 24
                          176.57.242.0/24 maxlen: 24
                          176.57.245.0/24 maxlen: 24
                          176.57.246.0/24 maxlen: 24
                          176.57.247.0/24 maxlen: 24
                          194.53.4.0/24 maxlen: 24
                          194.53.7.0/24 maxlen: 24
                          194.53.5.0/24 maxlen: 24
                          194.53.6.0/24 maxlen: 24
                          185.136.40.0/24 maxlen: 24
                          185.136.41.0/24 maxlen: 24
                          185.136.42.0/24 maxlen: 24
                          185.136.43.0/24 maxlen: 24
                          2a01:9d80::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 35585072 (0x21efc30)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a00cb4b8d569477512ce57885ba6a2898fbc2d95
        Validity
            Not Before: Jan  1 14:55:20 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c9227248311082791f3745eb77aaac257b94120b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:96:af:3f:03:7c:b8:b6:56:8f:5a:fe:3f:87:
                    77:8d:c3:64:b2:86:88:46:66:c6:74:88:bd:45:62:
                    ee:2a:fe:3e:37:9d:24:0f:99:06:cf:68:16:de:b9:
                    12:27:3f:80:37:a8:b2:1c:9b:e2:c8:3a:eb:5d:d1:
                    18:bc:02:b8:6c:47:b0:5f:40:07:08:2d:bb:03:df:
                    22:82:17:c4:8e:f3:da:6e:5f:a4:2c:ee:bc:39:4b:
                    61:9f:5d:c7:c4:fa:7b:2e:b3:f4:6c:19:37:9a:79:
                    9c:8d:90:30:f6:ae:d0:12:49:a2:f5:d0:ee:f0:2f:
                    89:c2:2c:9b:2d:0b:cd:16:da:a5:7d:42:3e:e4:d6:
                    f1:87:c3:1b:06:c2:b2:bf:a1:37:e0:6f:7e:6c:98:
                    5e:4c:36:82:88:a0:c7:62:9d:9d:86:dd:b5:c9:ce:
                    65:94:44:7a:04:ac:b4:b4:fa:1b:81:94:e2:05:29:
                    3d:be:6b:65:0e:5f:01:1e:30:b9:47:72:d2:28:78:
                    50:ae:0a:62:5f:8c:c0:a4:c5:fe:6f:d1:a3:77:bc:
                    a4:35:2f:ce:85:d2:6e:0b:2c:31:8b:8c:f1:07:82:
                    07:63:f2:87:07:6c:fa:60:ca:ec:5d:be:59:70:72:
                    96:1e:16:56:82:da:9c:f0:2f:6e:72:e9:fd:34:0a:
                    a6:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:22:72:48:31:10:82:79:1F:37:45:EB:77:AA:AC:25:7B:94:12:0B
            X509v3 Authority Key Identifier:
                keyid:A0:0C:B4:B8:D5:69:47:75:12:CE:57:88:5B:A6:A2:89:8F:BC:2D:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oAy0uNVpR3USzleIW6aiiY-8LZU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/f8fd59-0115-4db3-bd85-18c70ebf681a/1/ySJySDEQgnkfN0Xrd6qsJXuUEgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/f8fd59-0115-4db3-bd85-18c70ebf681a/1/oAy0uNVpR3USzleIW6aiiY-8LZU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.57.240.0/21
                  185.8.144.0/22
                  185.136.40.0/22
                  194.53.4.0/22
                IPv6:
                  2a01:9d80::/32

    Signature Algorithm: sha256WithRSAEncryption
         0d:16:3a:79:3b:3f:ea:e0:fa:a1:a1:f2:48:23:f0:d4:64:2f:
         1e:e0:22:39:7c:9e:84:20:cb:fb:f1:63:59:bc:db:9e:cc:81:
         c9:84:fe:d4:a7:ea:b5:91:cd:46:df:47:72:0e:04:1c:d1:f3:
         03:0a:9e:fe:c4:4e:c8:31:7c:2a:24:41:ef:aa:41:10:a4:0b:
         8a:a6:61:71:ff:7c:c4:99:6e:a3:c5:b6:59:99:6b:4e:6f:33:
         51:fc:e0:6c:ac:84:77:f6:4f:a5:7b:52:3e:a0:52:aa:91:df:
         8c:35:3b:72:d6:11:ae:9e:35:a9:88:1b:64:a1:16:1e:b4:da:
         7b:9b:6e:dc:05:c4:64:b1:91:a3:90:80:b1:07:dc:34:e8:16:
         0f:22:c8:96:98:08:f4:55:1c:98:3c:88:f8:4b:0c:41:96:1a:
         ca:f9:9e:f0:2b:3f:60:f8:31:39:62:95:5d:cd:2d:b1:58:ea:
         83:b4:85:e2:66:a3:78:e3:70:86:c6:2c:ec:f7:1c:18:16:89:
         6c:30:80:f9:9b:17:93:63:37:a1:80:1e:fe:8d:70:d2:eb:70:
         73:2c:90:12:80:2b:44:f2:c7:ef:7c:d5:66:49:77:00:1c:e1:
         6b:72:d7:9f:82:0d:63:e4:8d:40:63:ae:42:93:a6:77:06:68:
         30:a5:d2:e8
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgIEAh78MDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
MDBjYjRiOGQ1Njk0Nzc1MTJjZTU3ODg1YmE2YTI4OThmYmMyZDk1MB4XDTIyMDEw
MTE0NTUyMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzkyMjcyNDgzMTEw
ODI3OTFmMzc0NWViNzdhYWFjMjU3Yjk0MTIwYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMSWrz8DfLi2Vo9a/j+Hd43DZLKGiEZmxnSIvUVi7ir+Pjed
JA+ZBs9oFt65Eic/gDeoshyb4sg6613RGLwCuGxHsF9ABwgtuwPfIoIXxI7z2m5f
pCzuvDlLYZ9dx8T6ey6z9GwZN5p5nI2QMPau0BJJovXQ7vAvicIsmy0LzRbapX1C
PuTW8YfDGwbCsr+hN+BvfmyYXkw2goigx2KdnYbdtcnOZZREegSstLT6G4GU4gUp
Pb5rZQ5fAR4wuUdy0ih4UK4KYl+MwKTF/m/Ro3e8pDUvzoXSbgssMYuM8QeCB2Py
hwds+mDK7F2+WXBylh4WVoLanPAvbnLp/TQKprECAwEAAaOCAiowggImMB0GA1Ud
DgQWBBTJInJIMRCCeR83Ret3qqwle5QSCzAfBgNVHSMEGDAWgBSgDLS41WlHdRLO
V4hbpqKJj7wtlTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L29BeTB1TlZwUjNVU3psZUlXNmFpaVktOExaVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjkvZjhmZDU5LTAxMTUtNGRiMy1iZDg1LTE4YzcwZWJmNjgxYS8x
L3lTSnlTREVRZ25rZk4wWHJkNnFzSlh1VUVncy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjkv
ZjhmZDU5LTAxMTUtNGRiMy1iZDg1LTE4YzcwZWJmNjgxYS8xL29BeTB1TlZwUjNV
U3psZUlXNmFpaVktOExaVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBA
BggrBgEFBQcBBwEB/wQxMC8wHgQCAAEwGAMEA7A58AMEArkIkAMEArmIKAMEAsI1
BDANBAIAAjAHAwUAKgGdgDANBgkqhkiG9w0BAQsFAAOCAQEADRY6eTs/6uD6oaHy
SCPw1GQvHuAiOXyehCDL+/FjWbzbnsyByYT+1KfqtZHNRt9Hcg4EHNHzAwqe/sRO
yDF8KiRB76pBEKQLiqZhcf98xJluo8W2WZlrTm8zUfzgbKyEd/ZPpXtSPqBSqpHf
jDU7ctYRrp41qYgbZKEWHrTae5tu3AXEZLGRo5CAsQfcNOgWDyLIlpgI9FUcmDyI
+EsMQZYayvme8Cs/YPgxOWKVXc0tsVjqg7SF4majeONwhsYs7PccGBaJbDCA+ZsX
k2M3oYAe/o1w0utwcyyQEoArRPLH73zVZkl3ABzha3LXn4INY+SNQGOuQpOmdwZo
MKXS6A==
-----END CERTIFICATE-----